This invention relates to a method and apparatus for encryption of data, in particular in the case where the data to be encrypted is in data blocks, and the data to be encrypted contains data blocks having different levels of importance.
It is known to generate data in a scalable form, that is, in a form in which the data remains usable, even if a part of the data is no longer present. Specifically, in the case of video data, it is known to generate the data in a form that is suitable for transmission over a wide variety of networks, or over a single network with variable characteristics. Then, the data is transcoded. That is, depending on the available bandwidth over which one copy of that data is to be transmitted, some of the data may be discarded, so that the remaining data rate matches the available bandwidth.
Examples of such scalable coding schemes include the H.264 SVC and MPEG-4 FGS coding schemes. In general terms, scalable coding schemes encode the video data in packets, with the packets having different levels of importance. If the encoded data is to be transmitted over a wide bandwidth network, then all of the data can be transmitted. If the encoded data is to be transmitted over a network having a smaller bandwidth, then some of the packets at the lower levels of importance can be truncated or dropped. If the encoded data is to be transmitted over a network having a still smaller bandwidth, more of the packets can be truncated or dropped.
Different coding schemes allow different types of scalability. For example, in the case, of temporal scalability, frames of the video sequence can be referred to as I frames, P frames, and B frames. In decoding the data, only packets relating to I frames are used in recreating the I frames; packets relating to I frames and to P frames are used in recreating the P frames; and packets relating to I frames and P frames as well as the B frames are used in recreating the B frames of the video sequence. Thus, data packets relating to I frames have the highest importance level, while data packets relating to B frames have the lowest importance level. If it is necessary to reduce the data rate, data packets relating to B frames can be dropped without affecting the ability to decode the I frames or the P frames. If it is necessary to reduce the data rate further, data packets relating to P frames can be dropped without affecting the ability to decode the I frames.
In the case of spatial scalability, data packets can be similarly arranged, so that all of the packets are required in order to recreate the video sequence at the maximum spatial resolution, while some of the packets having lower importance can be dropped, allowing the video sequence to be recreated, albeit with a lower spatial resolution.
In the case of quality scalability, the video data is similarly encoded into packets having a highest importance level, and other packets at one or more lower importance level. Starting by discarding packets at the lowest importance level, the data rate can be reduced, while still allowing the video sequence to be recreated from the remaining data packets at a lower quality.
As mentioned above, there are various scalable encoding schemes, allowing different types of scalability, and different levels of scalability. In all cases, the data is encoded in packets having different levels of importance, such that some or all of the packets having lower importance can be dropped, allowing the video sequence to be recreated from the packets having higher importance.
It is also known to encrypt video data before transmission, for example so that a content provider can ensure that only a paying subscriber is able to decrypt the data and see the video.
In the case of data that is to be encrypted in its entirety, and then transmitted to a recipient, it is possible to use a chaining encryption and decryption scheme, whereby the first block of data is combined with an Initialization Vector, before being encrypted with a known key. The result of this encryption is then combined with the second block of data, before being encrypted with the known key, and so on. The Initialization Vector can be sent to the recipient and, if that recipient also knows the key, the recipient is able to decrypt the data.
However, because it is necessary to decrypt every block of data, in order to be able to decrypt the subsequent blocks, it is not possible to use this scheme to encrypt data that might be transcoded before it is decrypted.
As an alternative, in principle, it is possible to encrypt each packet of the data independently so that, in the transcoding process, some of the data packets can be discarded, and the remaining packets can still be decrypted. However, this means either that the same Initialization Vector must be used to encrypt and decrypt multiple blocks of data, which reduces the security of the encryption, or that a different Initialization Vector for each data block must be transmitted to the recipient, which significantly increases the total amount of data to be transmitted. The other alternative would be to avoid the use of initialization vectors altogether, leading to a lower level of security.